3rd Party -> Group Policy Editors and Import policies "on the fly"?

G

Guest

Hi gang.

I have two questions for you:

1.) I've been trying to lock down a user group through the gpedit.msc (no active directory) and this is o.k. Howevery I would like to create my own "lockdown" policy for about 3000 users and I do not want to go around and doing so for all of the mashines. Again, no active directory, and I will not be able to use it!

So, in essense, is there a 3rd party tool that "GUI" wizecan create a template for me so that I can save it into a file?

2.) With the created policy file, how do I import the policy into the Group when not using Active Directory?

Thanks a mill.

PS: I've tried to learn the policy template format but I simply dont get it. I really need a GUI tool.
 
M

Marco

Hi!

group policies are, at the very end, written to the registry. You may want
to get a snapshot of the registry before and after and then move all changes
into a single .reg and then merge those into the registry of each computer.
I think InstallWatch and regmon may be able to help you out.

--
Execute applications with elevated privileges [ www.neovalens.com ]
--


A. Garcia said:
Hi gang.

I have two questions for you:

1.) I've been trying to lock down a user group through the gpedit.msc (no
Click to expand...
active directory) and this is o.k. Howevery I would like to create my own
"lockdown" policy for about 3000 users and I do not want to go around and
doing so for all of the mashines. Again, no active directory, and I will not
be able to use it!
So, in essense, is there a 3rd party tool that "GUI" wizecan create a
Click to expand...
template for me so that I can save it into a file?
2.) With the created policy file, how do I import the policy into the
Click to expand...
Group when not using Active Directory?
Thanks a mill.

PS: I've tried to learn the policy template format but I simply dont get
Click to expand...
it. I really need a GUI tool.
 
G

Guest

Hi Marco, thank you for your answer

I truely believe that your approach will work, but it sound way too riscfull

BTW: I've used gpedit.msc as the Administrator, but is seems to affect all users on the mashine. Remember, I'm not using Active Directory. Why is this?
 
S

Steven L Umbach

I have not tried the tip in the link below, but it may be worth a look at
where you basically configure one computer and then copy that
\winnt\system32\group policy folder to other computers. For security policy
only you can import templates that you create into other computers using
secedit. --- Steve

http://www.jsiinc.com/subh/tip3600/rh3612.htm

A. Garcia said:
Hi gang.

I have two questions for you:

1.) I've been trying to lock down a user group through the gpedit.msc (no
Click to expand...
active directory) and this is o.k. Howevery I would like to create my own
"lockdown" policy for about 3000 users and I do not want to go around and
doing so for all of the mashines. Again, no active directory, and I will not
be able to use it!
So, in essense, is there a 3rd party tool that "GUI" wizecan create a
Click to expand...
template for me so that I can save it into a file?
2.) With the created policy file, how do I import the policy into the
Click to expand...
Group when not using Active Directory?
Thanks a mill.

PS: I've tried to learn the policy template format but I simply dont get
Click to expand...
it. I really need a GUI tool.
 
G

Guest

Thank you for the great answer.

Will I then be able to apply some policies to some user groups and not others without the Active Directory.

So far, I've only managed to be able to change everything for all users on the mashine!!! Darnit....
 
S

Steven L Umbach

There is an unsupported hack that involves configuring deny ntfs permissions
to the \winnt\system32\group policy\users folder for exempt users and a KB
article with another method. Be sure to test and document results before
rolling out. --- Steve

http://www.jsifaq.com/sube/tip2400/rh2492.htm
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q293655&

A. Garcia said:
Thank you for the great answer.

Will I then be able to apply some policies to some user groups and not
Click to expand...
others without the Active Directory.
 
M

Marco

Hi

I think that it is because a machine-polciy rather than a user-policy. I
think that locally you can only create machine policies.

--
Execute applications with elevated privileges [ www.neovalens.com ]
--


A. Garcia said:
Hi Marco, thank you for your answer.

I truely believe that your approach will work, but it sound way too riscfull.

BTW: I've used gpedit.msc as the Administrator, but is seems to affect all
Click to expand...
users on the mashine. Remember, I'm not using Active Directory. Why is this?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Using the 2003 Group Policy tool 1
Setting up a Group Policy to sync with 3rd party time provider 1
group policy and IE 6.0 2
I can't aply group policy; event id error: 1095, 1058 and 1030 2
Local Machine vs. Domain Group Policy 11
group policies and IE 6.0 1
Help in trying to apply a group policy to home computer. 2
Policies on XP machines in NT4Serv. Domain 1

Top